Avast Business Antivirus Pro Plus starts at $174.96 for five devices per year. That price tag wraps the popular consumer desktop antivirus and security engine in a hosted endpoint protection package attractive to small businesses, since it’s delivered as an easy to deploy and manage Software as a Service (SaaS) platform. While it’s well-featured overall, we were disappointed to discover that just as when we tested it last year, the product still focuses entirely on Windows and Mac desktops, completely avoiding mobile devices. While it has added some nice ancillary capabilities, including a VPN service, a sandbox browser, and data shredder, its lack of mobile support and some weaknesses in reporting keep it behind our Editors’ Choice winners, Bitdefender GravityZone Ultra, ESET Endpoint Protection, and Sophos Intercept X.
Avast’s web console is greatly improved from when we last tested it, but could still use some work. The opening dashboard gives a quick overview of the device count, the number of threats detected, and a trend line of threats, but doesn’t include significant detail. You’ll find buttons to quickly jump to the reports section where that detail can be found, so while not ideal, it’s still workable. On the plus side, however, there is a new patch management dashboard that gives you a count of how many devices need patching. This feature deserves some unpacking since it is, perhaps, the biggest improvement Avast has made to the platform over the last year.
The Patches page lists out which Windows devices require software patching. This includes not only Windows itself, but also over 100 different and popular software packages from vendors that include Apple, Google, and Adobe. Patching has always been at the core of a good security program, so having it managed from the same window as your core security suite is both intuitive and very useful. Being able to patch and rollback systems from here without the aid of Active Directory can be a tangible benefit to the life of a small business IT professional.
Once on the Device page, you’ll find a significant amount of detail regarding threats. In addition to showing the date detected and threat name, it also shows which mode was responsible for detecting the problem. Knowing whether the File Shield, Behavior Shield, or Web Shield blocked the threat can give some indication on where and how users are being attacked. While this isn’t exactly root cause analysis, it should still be able to drive newer and better security policies. Administrators can quickly add new devices by clicking the Download Antivirus button and choosing an installer package, or just providing email addresses so clients can receive their download links directly.
The downside to the deployment process came when we looked for any kind of mobile device support. There is none, which is the same situation we found when we last tested the product in 2019. A desktop focus is fine for a low-device consumer orientation; but for businesses, protecting multiple devices and operating systems is the norm. So simply ignoring the mobile side of things, similar to Vipre Endpoint Security Cloud, is a definite ding.
Avast has a solid, though slightly basic, set of management features. For organizational benefit, devices can also be grouped together with settings templates. You can use the default settings templates here or build a custom template by traveling to the Device Settings page. Default template configuration is good for general use partially because it enables Avast’s DeepScreen feature, which is how Avast knows how to deal with unknown files. The only opportunity to make the antivirus engine more aggressive is to activate a Hardened Mode. If Avast begins to report false positives for specific file paths or URLs (Uniform Resource Locators), administrators can add these to an exclusion white list. For testing purposes, we used the most aggressive settings.
Configuring notifications is also straightforward. The available notifications are all on a single page with a toggle switch to turn them on or off in the application. Below each of them is a pulldown menu that lets you specify if you want to receive that notification instantly via email, batched and delivered at the end of the week, or not at all. There is enough detail in the notifications to be helpful without being annoying.
On the reporting side we also found some improvements over when we last tested Avast, but it’s still missing some critical components. It does do a better job than the dashboard of giving you an overview of threat activity, but even the threat report, which is the most informative of the four reports available, doesn’t allow any form of scheduling. It also still can’t provide an audit log, which is a key forensic tool, which means you’ll find yourself looking through individual client logs to get any real detail. For a centrally managed service, this piece still needs more work, though to be fair, it’s clear Avast is putting in the effort, so we’ll be interested to see where things are a year from now.
As mentioned above, the most notable new feature is the ability to check for missing software patches on each endpoint. Patching has long been a struggle for smaller businesses that usually requires a separate tool entirely, especially for security-critical patches like those from Microsoft. While Microsoft, in particular, has gone a long way towards ensuring that its Windows 10 operating system will catch most unpatched systems, some still slip through the cracks. Avast gives admins a nice user interface to review unapplied patches and apply them on the spot, thereby cutting down on potential vulnerabilities.
As always, the first test we applied to Avast executed a phishing attack. We used 10 samples from PhishTank, a website that lists known phishing websites. We navigated to each using the Internet Explorer browser on our test machine. Two of the websites were allowed to connect, two were caught by Avast as potential phishing websites, and an alert was shown on screen. The remaining 6 were caught by Microsoft SmartScreen, which is the internal anti-phishing tool in IE and Edge. While the net effect was 80% in terms of catching phishing attacks, we’ve seen better from tools like our Editors’ Choice winners, Vipre, and Panda Security Adaptive Defense.
The next test was to download and execute a fresh malware database against the test system. On executing the extraction program, all samples were detected out of the gate. Avast gave them no opportunity to execute, which is the best possible outcome. This indicates that Avast works well against existing threats. This was followed by our third test, which involves using browser-based exploits.
In this case, we used the well-known Internet Explorer MS06-14 vulnerability. Although it was reported way back in 2006, the attack still has a good success rate, which means appropriately encoded payloads can slip past Windows Defender. We set our trap and then navigated to the dummy site using Internet Explorer. Then we checked to see if a remote shell had been created, which would have meant the attack succeeded, but Avast aborted the connection and noted that it could have resulted in an infection.
This active attacker test assumes that a limited account on a machine on your local network has been compromised because its remote desktop protocol (RDP) password has been brute forced. As a first step after gaining access to the remote machine, we encoded a variety of Metasploit Meterpreter payloads. Of the 42 that were copied to the desktop via RDP, only 7 remained for execution testing. Of those remaining 7, two were blocked from executing via hardened mode and five were removed by Avast’s File Shield as malware. This makes it obvious that Avast has gotten better at detecting what most common script kiddies might throw at it.
However, that still leaves two exploits that weren’t immediately removed as malware. While Avast noted them, it simply flagged them as unknown. If they’re attached to a legitimate program, someone might easily add an exclusion for them since they aren’t categorized as malware. Doing that, we were able to maintain a persistent session using the Metasploit Meterpreter, but attempts to load any extensions that would have allowed malicious activity were stopped immediately. While not a perfect score, the latter is good news for folks trying to protect their systems from ransomware and other malware that likes to hide on systems for later “detonation.”
Double-checking our results with third-party testing was interesting. AV-Comparatives assigned Avast a 98.6 percent protection rate in 2019, which was somewhat middle of the road compared to the competition. However, it did have surprisingly few false alarms, even compared to field leaders, like Bitdefender, which had 25.
Avast Business is a good service, and it makes managing security an easy task for a small business administrator. Since we last reviewed it, the platform has significantly upped its level of protection against known threats and has evolved well beyond what we saw last year. The addition of its patch management capability was certainly welcome and should serve to differentiate the product from its competition. Still, its lack of mobile support, somewhat light reporting, and good-but-not-stellar performance results indicate that Avast still has some room to improve before threatening market leaders, like Bitdefender.
Matthew D. Sarrel, CISSP, is managing director for CMG, a worldwide organization of IT performance and scalability professionals. He is also a technical marketing consultant and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com